Total Risk Management



Total Risk Management

We would like to express our gratitude to our teacher in charge Prof.Murugank Kapadia for giving us this opportunity of working on this project and guiding us throughout the course of the project.


Total Risk Management

SR NO. 1 2 3 4 5 6 7 8 TOPIC Introduction Principles of Risk Management Potential Risk Treatments Importance of Risk Management Types of Risk Management Application of Financial Risk Management Risk Management, Corporate Governance & Public Corporation Summary & Conclusion PAGE NO. 3 5 10 13 13 18 32 40


Total Risk Management

 Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.  Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.  Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards.  Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.  The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.  Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase.  In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.  Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For


Total Risk Management
example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied.  These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.  Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending and minimizes the negative effects of risks.

For the most part, these methods consist of the following elements, performed, more or less, in the following order:     

identify, characterize, and assess threats assess the vulnerability of critical assets to specific threats determine the risk (i.e. the expected consequences of specific types of attacks on specific assets) identify ways to reduce those risks prioritize risk reduction measures based on a strategy


iterative and responsive to change be capable of continual improvement and enhancement 6 .Total Risk Management Principles of risk management: The International Organization for Standardization (ISO) identifies the following principles of risk management Risk management should:            create value be an integral part of organizational processes be part of decision making explicitly address uncertainty be systematic and structured be based on the best available information be tailored take into account human factors be transparent and inclusive be dynamic.

7 .Total Risk Management Process: According to the standard ISO 31000 "Risk management -. Planning the remainder of the process. when triggered. cause problems. Mapping out the following:    the social scope of risk management the identity and objectives of stakeholders the basis upon which risks will be evaluated. risk identification can start with the source of problems.  Source analysis : Risk sources may be internal or external to the system that is the target of risk management." the process of risk management consists of several steps as follows: o Establishing the context Establishing the context involves: 1. Examples of risk sources are: stakeholders of a project. o Identification:  After establishing the context. 4. Defining a framework for the activity and an agenda for identification. or with the problem itself. 5. 3. employees of a company or the weather over an airport. Risks are about events that. Hence. the next step in the process of managing risk is to identify potential risks.Principles and guidelines on implementation. 6. Mitigation or Solution of risks using available technological. Developing an analysis of risks involved in the process. human and organizational resources. Identification of risk in a selected domain of interest 2. constraints.

for example. a questionnaire is compiled.see Futures Studies for methodology used by Futurists. In different scenarios are created. The scenarios may be the alternative ways to achieve an objective. Creating a matrix under these headings enables a variety of approaches. a market or battle. Alternatively one can start with the threats and examine which resources they would affect. One can begin with resources and consider the threats they are exposed to and the consequences of each. the threat of abuse of privacy information or the threat of accidents and casualties. or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about. Risk charting This method combines the above approaches by listing resources at risk. Threats to those resources Modifying Factors which may increase or decrease the risk and Consequences it is wished to avoid. For example: the threat of losing money. The answers to the questions reveal risks. lists with known risks are available.     8 . problem or event. most important with shareholders. Common-risk checking In several industries. Taxonomy-based risk identification The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. The threats may exist with various entities. customers and legislative bodies such as the government.  The chosen method of identifying risks may depend on culture. industry practice and compliance. Any event that may endanger achieving an objective partly or completely is identified as risk. Each risk in the list can be checked for application to a particular situation. Based on the taxonomy and knowledge of best practices. Scenario-based risk identification scenario analysis . Common risk identification methods are:  Objectives-based risk identification: Organizations and project teams have objectives. The identification methods are formed by templates or the development of templates for identifying source. Any event that triggers an undesired scenario alternative is identified as risk .Total Risk Management  Problem analysis: Risks are related to identified threats. or an analysis of the interaction of forces in.

in the case of the value of a lost building. but perhaps the most widely accepted formula for risk quantification is:  Rate of occurrence multiplied by the impact of the event equals risk Composite Risk Index:  The above formula can also be re-written in terms of a Composite Risk Index.  The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Numerous different risk formulae exist.  Asset valuation is another question that needs to be addressed. as follows:  Composite Risk Index = Impact of Risk event x Probability of Occurrence  The impact of the risk event is assessed on a scale of 0 to 5.  Thus. 9 . risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized.Total Risk Management o Assessment:  Once risks have been identified. best educated opinions and available statistics are the primary sources of information. there have been several theories and attempts to quantify risks. or impossible to know for sure in the case of the probability of an unlikely event occurring. Nevertheless. they must then be assessed as to their potential severity of loss and to the probability of occurrence. Thus. evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Furthermore. where 0 and 5 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses).  Therefore. in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan.  These quantities can be either simple to measure.

The overall risk assessment is then Low. and this range is usually arbitrarily divided into three sub-ranges. the three sub-ranges could be defined as 0 to 8. 9 to 16 and 17 to 25. where 0 represents a zero probability of the risk event actually occurring while 5 represents a 100% probability of occurrence. depending on the sub-range containing the calculated value of the Composite Index. Medium or High.Total Risk Management  The probability of occurrence is likewise assessed on a scale from 0 to 5. For instance.  The Composite Index thus can take values ranging from 0 through 25. 10 .

This method may cause a greater loss by water damage and therefore may not be suitable. For example. all techniques to manage the risk fall into one or more of these four major categories     Avoidance (eliminate. Halon fire suppression systems may mitigate that risk. and between risk 11 . sprinklers are designed to put out a fire to reduce the risk of loss by fire. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits.outsource or insure) Retention (accept and budget)  Risk avoidance:  This includes not performing an activity that could carry risk. optimizing risks means finding a balance between negative risk and the benefit of the operation or activity. but the cost may be prohibitive as a strategy.mitigate) Sharing (transfer .  Risk reduction:  Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. An example would be not buying a property or business in order to not take on the legal liability that comes with it. withdraw from or not become involved) Reduction (optimise . but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed.  Acknowledging that risks can be positive or negative. Another would be not be flying in order to not take the risk that the airplane were to be hijacked.  Avoidance may seem the answer to all risks.Total Risk Management Potential risk treatments: Once risks have been identified and assessed.

By an offshore drilling contractor effectively applying HSE Management in its organization. while handling the business management itself. technically speaking. and the measures to reduce a risk. any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. As such in the terminology of practitioners and scholars alike. the original risk is likely to still revert to the first party.  Risk sharing:  Briefly defined as "sharing with another party the burden of loss or the benefit of gain. This way. the purchase of an insurance contract is often described as a "transfer of risk.Total Risk Management reduction and effort applied. it can optimize risk to achieve levels of residual risk that are tolerable. By developing in iterations. For example. the manufacturing of hard goods.  In practice if the insurance company or contractor go bankrupt or end up in court.[  Modern software development methodologies reduce risk by developing and delivering software incrementally. a company may outsource only its software development. the company can concentrate more on business development without having to worry as much about the manufacturing process. from a risk. meaning that insurance may be described more accurately as a post-event compensatory mechanism. Early methodologies suffered from the fact that they only delivered software in the final phase of development. or customer support needs to another company." However. 12 .  Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. the buyer of the contract generally retains legal responsibility for the losses "transferred". software projects can limit effort wasted to a single iteration."  The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. or finding a physical location for a call center. managing the development team.

 Some ways of managing risk fall into multiple categories. or benefit of gain.  War is an example since most property and risks are not insured against war. so the loss attributed by war is retained by the insured.  This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company.  Risk retention:  Involves accepting the loss.  Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. Risk retention pools are technically retaining the risk for the group. but spreading it over the whole group involves transfer among individual members of the group.  This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much. from a risk when it occurs. in that no premium is exchanged between members of the group up front. The risk still lies with the policy holder namely the person who has been in the accident. True self insurance falls in this category. Also any amounts of potential loss (risk) over the amount insured are retained risk. All risks that are not avoided or transferred are retained by default. but instead losses are assessed to all members of the group. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. This is different from traditional insurance.Total Risk Management  For example. 13 .

and currency risk  Credit risk management: Deals with the risk related to the probability of nonpayment from the debtors 14 . commodity risk. All these risk management processes play a significant role behind the growth of an organization in the long term. • The process of risk management helps focus on priorities and in decisions on deploying limited resources to deal with the highest risks. such as interest rate risk. equity risk. Types of Risk Management: There are different types of risk management and the characteristics and procedures of each type of risk management is different from the other. Various types of risk management can be categorized into the following:  Operational risk management: Operational risk management deals with technical failures and human errors  Financial risk management: Financial risk management handles non-payment of clients and increased rate of interest  Market risk management: Deals with different types of market risk.Total Risk Management Importance of Risk Management • Risk Management is essential not only for prevention of risk but also for reduction of risks. political and economic development in a country. Effective handling of risk ensures the successful growth of an organization. • Risk Management leads to maximum social advantages and plays a significant role in bringing about social. Commercial enterprises apply various forms of risk management procedures to handle different risks because they face a variety of risks while carrying out their business operations.

an effort is carried out to numerically ascertain the possibilities of the different adverse financial circumstances to handle the degree of loss that might occur from those circumstances  Commodity risk management: Handles different types of commodity risks.Total Risk Management  Quantitative risk management: In quantitative risk management. legal risk. credit risk. various types of operational risks are managed that occur on a daily basis. In commercial enterprises. political risk. 15 . for example. operational risk and reputational risk  Nonprofit risk management: This is a process where risk management companies offer risk management services on a non-profit seeking basis   Currency risk management: Deals with changes in currency prices Enterprise risk management: Handles the risks faced by enterprises in accomplishing their goals  Project risk management: Deals with particular risks associated with the undertaking of a project  Integrated risk management: Integrated risk management refers to integrating risk data into the strategic decision making of a company and taking decisions. quantity risk and cost risk  Bank risk management: Deals with the handling of different types of risks faced by the banks.  Technology risk management: It is the process of managing the risks associated with implementation of new technology  Software risk management: Deals with different types of risks associated with implementation of new softwares  Operational risk management is an important form of risk management. market risk. it is the supervision of market.  Operational risk management is also known as ORM. In other words. which take into account the set risk tolerance degrees of a department. operational risk management is the supervision of different types of operational risk occurring on a daily basis.  With the help of operational risk management. and liquidity risk at the same time or on a simultaneous basis. liquidity risk. credit. such as price risk.

phishing or hacking. or computer hardware failure and equipment failure. Customers and Business Practices: Risk resulting from inadvertent or careless failure to satisfy a professional responsibility to particular customers (involving fiducial and appropriateness necessities) or from the characteristics of configuration of a commodity. which lead to operational risks. or safety acts or from disbursal of claims related to personal injury or from inequality/unfair treatment  System failure and business interruptions: Risk resulting from interruptions of business operations or system breakdown.  Damages to tangible properties: Risk resulting from damages or losses of tangible properties due to natural calamity or other occurrences. These include telecommunication.   Internal Fraud: Risk arising from fraudulent activities from internal parties. can be categorized into the following types:  External Fraud: Risk arising from fraudulent activities from a third party. for example.Total Risk Management Important Advantages of Operational Risk Management: Following are the most important advantages of operational risk management:     Decrease in losses arising from operations Reduced auditing/compliance expenses Decreased vulnerability to risks in the future Early sensing of illegitimate functions Types of Operational Risk: According to the Basel Committee on Banking Supervision. robbery.  Execution. These involve the following: 16 . supply and process management: Risk arising from failure in process management or transaction processing due to poor association with vendors and commercial service providers. theft. employment.  Workplace safety and employment practices: Risk arising from non-compliance with health. the events. computer software. Products.

preservation or loading fault o Accounting mistake o System/Model malfunctioning o Failure in delivery o Entity assignment fault o Failure in reference data preservation o Failure from collateral management o Unsuccessful compulsory reporting liability o Reporting & monitoring failure o Client Intake & Paperwork o Erroneous external report (incurring loss) o Incomplete or misplaced legal documents o Overlooked client disclaimers/permissions o Unauthorized access offered to accounts o Client/Customer Account Management o Careless damage or loss of customer assets o Inappropriate customer records (incurring loss) o Failure on behalf of commercial partners and non-client vendors and vendor disagreements Operational Risk Management Software: At the present time. Forrester Research has recognized 115 Risk and Compliance and Governance marketers. financial audit can be performed at cheaper expenses. With the help of this software. which deal with operational risk management programs. a number of software products have been introduced for the purpose of operational risk management according to the Sarbanes-Oxley Act.  Financial risk management: 17 .Total Risk Management o Performance & maintenance miscommunication o Transaction seizure o Missed responsibility or deadline o Data entry.

which include the following:       Shape risk Foreign exchange risk Sector risk Volatility risk Inflation risk Liquidity risk  The process of financial risk management involves identification of financial risk.  Financial risk management is a type of risk management.Total Risk Management  Financial risk management is a method of producing or adding value to a company through utilizing financing mediums for handling vulnerability to risk. describing and disclosing credit risk. which tries to add value in a company through implementation of financing mediums (cash instruments and derivative instruments) to handle risk exposure. evaluating the financial risk and strategies to deal with those risks. a number of financial risks can be handled. Financial risk management is an important form of risk management. Financial risk management concentrates on the appropriate time and manner for hedging implementation of cash instruments and derivative instruments to address pricey risk exposures. especially from market risk and credit risk. 18 . In the banking industry all over the world. specifically market risk and credit risk.  With the help of financial risk management. the Basel Accords are usually chosen by multinational or global banking institutions for identifying. operational risk and market risks.

 At the time when this concept is implemented towards financial risk management. The process of market risk management comes with some essential features that help it to be more effective.  In reality. This idea is corroborated by the hedging irrelevance proposition. This indicates that the management of a company has a large number of options to generate value for the shareholders utilizing financial risk management. it denotes that management of a company should not go for hedging risks. no financial market is a perfect market.Total Risk Management Application of Financial Risk Management:  Theories of financial economics suggest that a company should go for a project at the time it grows shareholder value. which the shareholders are able to hedge on their own at similar expenses. which says that in case of a perfect market. a company is not able to perform value creation through hedging a risk while the cost of carrying the risk within the company is equal to the cost of carrying it away from the company.  In addition.  Market risk management:  The concept of Market risk management has gained in importance in the recent times as it has been giving the business organizations a particular risk model that becomes all the more useful when the company is opening or closing business activities. 19 . financial theory demonstrates that the management of the company is not able to produce shareholder (who are also known as the investors of the company) value through undertaking a project. which the shareholders are able to perform for themselves at equal expenses.

Main Characteristics of Market Risk Management: Following are the principal characteristics of the system of market risk management:  World limit management: This process is at the base of the various trading plans that are used across the world as well as their applications.Total Risk Management Uses of Market Risk Management: The process of market risk management has a number of applications in the context of today's global market. These are normally used in order to find out the problems that may be related to market risks  Credit risk management: Credit risk management is extremely important as far as the overall financial stability of the financial institutions like the banks is concerned. The credit risk management situations in most banks are not exactly impressive and thus this process becomes all the more important. This risk structure comes in handy especially when a particular company is operating either in its closing or opening phase.  The various market risk management systems make sure that the various information related to the market are relevant as far as the parameters of input in case of the market risk calculations are concerned.  Indicators: These are applicable only in the case of banks and certain businesses. The basic aim of the system of credit risk management is to reduce the potential of credit risk that may be faced by a particular creditor. 20 . This process also makes sure that the amount of loss that may be faced by a particular company while carrying out business transactions is not more than what is being expected by that organization. Its most basic use lies in the fact that it furnishes the business concerns with a particular risk structure.

the most important factor in this case has been the absence of proper credit rules for the debtors. The system of credit risk management accomplishes that by keeping the levels of the risk faced by a bank within certain acceptable standards. At times it has also been noticed that the companies have not been able to manage their portfolios in a proper way.Total Risk Management Importance of Credit Risk Management: The credit risk management is of utmost importance for the banks and other financial institutions that have been the chief sources of credit for many years. Aim of Credit Risk Management: The most basic aim of the process of credit risk management is to minimize the levels of credit risk that a particular institutional creditor like a bank faces when it lends money to a particular borrower. The banks and other financial institutions that are dealing in credit services have not always been able to take into account the various economic factors that have contributed to a decline in the credit capabilities of the borrowers.  Quantitative Risk Management:  Quantitative risk management is a very important process in the context of the modern day business world.  Risk is regarded as a combination of these three factors:  Possibilities of a hazard 21 . It primarily deals with the concepts of risk and hazard and tries to reduce the chances of the occurrence of any form of financial loss. It has been observed that the financial institutions that are able to manage their credit risks properly are functioning well. Situations of Credit Risk Management: There are a variety of problems related to credit risk management that have been important in this context. However.

Total Risk Management   Possibilities of high losses being suffered as a consequence of the accident Possibilities of a hazard leading to an accident Inputs of Quantitative Risk Analysis:  The inputs of the process of Quantitative Risk Analysis are as follows:      Organizational Process Assets Risk Register Project Scope Statement Project Management Plan Risk Management Plan  The organizational price assets are basically information regarding a particular project that is similar to the one that is being analyzed. This sort of information is taken from project archives. The risk management plans contain information on the risky aspects of a particular business endeavor like:      Budget Types of Risk Explanations of impact and probability Timing and Schedule of Risks Probability and Impact Matrix  The Risk Register performs a similar function to the risk management plans. 22 . The former shows ways to run the project and the later deals with the financial aspects of the project. They may also be the study results of risk specialists as well as a database of proprietary risk. It also categorizes and prioritizes the various aspects of the process of quantitative risk analysis. The project management plans are made up of the cost management plans and the schedule management plans. The project scope statement highlights the positive aspects of a particular business project.

It also tries to limit the extent of loss that may take place if a hazard happens. The risk register is made up of the following components:     Trends in quantitative risk analysis Probabilistic analysis of the project Prioritized list of quantified risks Probability of achieving cost and time objectives  Commodity risk management:  Commodity risk management is very important to provide coverage to all those groups that are related to the commodity market.Total Risk Management Functioning of Quantitative Risk Management:  The primary function of the process of quantitative risk management is to deal with the various elements of the phenomenon of risk by trying to bring down the possibilities of such mishaps. These groups are exposed to maximum financial risks when there is any natural disaster or man-made disturbance. Under normal circumstances the only output of a quantitative risk management process is a risk register.  There are some important aspects as far as the functioning of the process of quantitative risk management is concerned:       Modeling and Simulation Interviewing Expected Monetary Value Probability Distribution Decision Tree Analysis Sensitivity Analysis Output of Quantitative Risk Management: The outputs of the quantitative risk management are the results of the process. 23 .

producers and plantation companies who face these risks. quantity risks and so on Groups Facing Commodity Risk: There are a number of groups that mostly face the commodity risk. Bank Risk Management involves market risk as well as credit risk management. If not covered properly.  Proper commodity risk management is essential to provide stability to this sector as well as to make this sector financially secured. Primarily there are the farmers.Total Risk Management  Commodity market in every country faces some of the common risks. These risks are as follows:   Natural Risks: Natural disasters Man-Made Risks: Political risks. Types of Commodity Risk: There are different types of commodity risk that are faced by the commodity markets across the world. These risks are caused by natural disaster as well as external factors like wars. these risks can cause huge financial loss to a number of groups. is the national governments that are also bound to share these risks with others. Last but not the least. price risks. At the same time. 24 . the purchasers and exporters of commodities also come under the shadow of commodity risk. Bank Risk Management gives an idea of future risks and also promotes prudent risk taking behavior.  Bank risk management: Bank Risk Management is used mostly in the financial sector. political instability and so on.

So managers do a cost benefit analysis whenever portfolio composition changes. They demand considerable time and money. Apart from regulatory requirements. Investment of capital is then directed to options with high reward risk ratios. Banks also learn to handle their available liquidity well. Another characteristic of bank risk management policy is that it is usually not carried out in a decentralized fashion. But violation of prescribed regulations in the capital market attracts heavy penalty. Banks that are involved in trading go in for   Intra day risk management on selective areas Regular measurement of the overall risks faced by the bank Regulators are however. The economic theory of risk management states that the risk of a particular portfolio is usually not determined by a simple addition of the component risks.Total Risk Management Need for Bank Risk Management Repeated financial disasters faced by financial. Characteristics of Bank Risk Management Policies: One of the characteristics of bank risk management policies is that it needs to be updated on a regular basis. 25 . non-financial and government bodies have created the need for bank risk management policies. more interested at knowing the overall risks as compared to the individual portfolio items. bank risk management is needed by the bank managers for the following reasons: -risk ratios. risk monitoring part is already put in place. Bank risk management policies despite their worthiness are resource intensive.

which we refer to as risk.  Formulation of plans: This deals with the preparation of an action plan . Normally risks adversely affect the functioning of an organization. In order to achieve the same they must use their resources efficiently. in case of an eventuality. It is put in place to avoid any unnecessary future hassle arising out of risk factors.  Determination of compensation package in case of an eventuality: Here we try to determine what the ideal compensation package will be. So risk management essentially provides the organization with a back up plan. Different organizations may have different goals. Steps of Nonprofit Risk Management:  Identification of problems: This refers to identification of areas of operation where problems might crop up due to unforeseen events. Herein come the various management policies. Nonprofit risk management provides the organization with an action plan. It mitigates the adverse effects arising out of risk factors. It is this uncertain event.Total Risk Management  Nonprofit Risk Management: Nonprofit risk management is carried out by non-profit organizations. Risk Management Issues Concerning Nonprofit Organizations:        Screening of the organization's volunteers Keeping a tab on the records of driving licenses of both staff and volunteer drivers Developing training and orientation modules for volunteers Developing guidelines for employees Financial negotiations at the time of taking a bank loan Purchase of property Taking insurance of liabilities Reasons for Adoption of Nonprofit Risk Management: For non-profit organizations risk management is essentially a preventive measure.It is done with a view to mitigate the difficulties arising out of risk situations. Nonprofit risk management formulates various strategies and prescribes various techniques to be followed by the 26 .

 Systematic risks are all those risks that affect each and every kind of investments. there are the unsystematic risks like business and financial risk. Attainment of long term set goals also becomes easy.  This happens due to unexpected shifts in the currency exchange rates. Almost everything starting from goods to technologies are exchanged between the traders of different countries. there are the forex market traders who are involved in trading of currencies of different countries. These institutions as well as the individual investors are also in need of currency risk management because the forex market rates and trends change very quickly.  Two types of risks are managed by currency risk management strategies. proper currency risk management strategy is very essential. It is wise to plan in advance for possible future disruptions and create a back up policy for the same. cross border commercial activities are growing at a rapid pace. market risk as well as inflation risk.  Currency risks are related to the floating exchange rates.  A large number of banks. 27 . On the other hand. Interest rate risk.  Nowadays. To avoid or minimize losses caused by these incidents. individuals as well as several national governments are involved in these activities.  These transactions are subjected to currency risk because floating exchange rates are minimizing the chances of fixing the value of a particular currency. On the other hand. all are considered as systematic risks.  Currency Risk Management:  Currency risk can be termed a sudden fall in the value of a particular currency. This helps in the smooth running of the organization. These are the systematic risk and unsystematic risk. The currency exchanges are done for a number of reasons.Total Risk Management organization. These traders participate in the activities of one of the most liquid world financial markets.

 Enterprise Risk Management:  The business sector has its own risks and opportunities.Total Risk Management  Unsystematic risk affects some definite businesses and not the entire market. if the exchange rate of that currency changes at the time of transaction. At the same time.  There should also be a definite trading strategy that can be very helpful in hedging the currency risks. there are certain theories regarding the trading process in the currency market. Managing these risks properly and making full use of the business opportunities are termed as enterprise risk management. 28 . On the other hand. there are a number of growth opportunities that are also related to the business. It helps in developing the business by adding value to the particular business.  One of the most common currency risk management tool is the forward exchange contract. it is also necessary that the provided opportunities are used in the best possible way.  These are also very helpful for currency risk management. the purchaser and the seller are not affected. According to these contracts that are signed between the potential seller and purchaser of a particular currency. Certain amount of risk is associated with all types of business operations. the exchange rates are fixed before the actual transaction.  On the other hand. All these are specialized things and one may seek professional assistance from the currency risk management firms for the purpose. it is essential that these risks are hedged properly so that they cannot cause any kind of loss to the business or even if it causes any harm. These strategies should be developed after analyzing the market averages or market indexes properly. the effects can be minimized as much as possible.  For the overall development.  The transaction takes place in the future but due to the contract.

The monitoring activities are also very important to take hold of the market opportunities. However. there are two principal phases of project risk management and they are assessment of risk and risk control. These are the RIMS and COSO. these risk management strategies are also conscious about monitoring the development of the risk hedging strategy.  Project Risk Management: Project risk management focuses on the management of various types of risks related to a project. Project risk management deals with different types of uncertainties and constraints related to a project (known as project risks). Application of RIMS or COSO depends on the particular situation and is subjected to the approval of the management.Total Risk Management Types of Enterprise Risk Management:  There are two types of enterprise risk management. The process of project risk management is carried out in a number of steps. Assessment of risk may be carried out at any point of time within the duration of the project. Risk control is always 29 . the earlier it is performed. Project risks having negative characteristics are known as threats and project risks bearing positive characteristics are known as opportunities. Nevertheless. Efforts are always on to minimize the threats and maximize the opportunities Project risks can be minimized with the help of eliminating or decreasing them.  Both these types share some common objectives like locating the hidden risk factors and providing solutions to hedge the risk. the better it is for the organization.  At the same time. A project risk is a probable origin of variation from the plan of the project and it may have a positive or negative influence on the project. There are two main phases of project risk management and they are risk assessment and control of risk.

 Project Risk Control Project risk control involves the following steps:  Avoidance of risk: A plan is chalked out as to how project risks can be eliminated or avoided.   Risk transfer: In this way. time period or satisfaction of the necessity of the customer is ascertained. On the other hand. In this process. 30 . a contingency plan is prepared in advance before those risks occur.  Risk acceptance: Certain risks are accepted because they are regarded as small and do not influence the performance of the company to a significant degree. which risks require continuous supervision and monitoring and which risks are not so important to supervise. there is no use of performing a risk assessment. it is determined that which risks require total elimination. Risk mitigation: A number of measures are taken beforehand for minimizing the impact of risk.  Measure and control: Observing the outcomes of the risks that have been detected and handling them to a favorable or productive end. if risk control measures are not undertaken. Analysis of risk: Risk analysis can be quantitative or qualitative in nature. risk is transferred by buying insurance policies. Process of Project Risk Management: The process of project risk management can be elaborated as follows:  Project Risk Assessment : The process of project risk assessment can be further categorized into the following:   Identification of risk: The project risks are identified by examining the whole project plan.  Prioritization of risk: According to this process. the manner in which the project risks may influence the project performance in terms of expenses.  Contingency plan: For risks that are regarded as important.Total Risk Management dependent on a proper risk assessment.

However.   Risk transfer by buying insurance coverage Risk management with the help of outsourcing. All these choices provide the users with specific advantages as well as disadvantages. In such cases the required work is outsourced to external bodies. the choice is normally made after judging the profitability of each one of the options. The banks nowadays work as per three approaches. These approaches are either used on their own or in combinations. The approaches may be mentioned as below:  Risk management with the help of internal processes.Total Risk Management  Technology Risk Management: The system of technology risk management is used in order to deal with the various risks that may arise in the use of technological tools. It has been observed that the risk management strategies that are useful in other cases are generally not applicable when it comes to technology risk management. In such cases controls are extremely important. 31 . Normally it has been seen that the companies that need to take technology risk management steps opt for any of the above-mentioned steps. Processes of Technology Risk Management: As far as the process of technology risk management is concerned after the weaknesses are detected the authorities function in order to eliminate them by developing the proper strategy. This process is especially applicable in case of the banking industry.

Total Risk Management 32 .

The introduction or recognition of these imperfections led to many reasons for having managers manage risk (Smith and Stulz. 7. 1985. 33 . individuals would use informational and other advantages to transfer wealth to themselves from others. 2001). Risk management can be used to assist firms in developing financial plans and funding programs. other stakeholders were brought into the scheme. The usual reasons are: 1. Risk management can be used to stabilize cash dividends. Later. Froot. Grinblatt and Titman. Basically. Risk management can be used to align the interests of management with those of the owners of the company. 5..Total Risk Management Risk Management. 6. 1993). We review these reasons in order to set the stage for connecting them to more fundamental social welfare concerns about corporate governance and risk management. This re-emergence in the scholarly literature can be traced to Ross (1973) and Jensen and Meckling (1976) who introduced the term agency theory into finance. 2. Although such behavior was ascribed to all stakeholders. early attention focused on conflicts on interest between shareholders and managers (a concern of Berle and Means) and shareholders and bondholders. Corporate Governance and the Public Corporation From Theory to Practice: Why Firms Should Manage Risk Not until the re-emergence of corporate governance concerns about the separation of owners and managers articulated by Berle and Means in the 1930s reappeared in the “modern” finance literature did risk management enter the “scientific” world of financial economics.g. Risk management can reduce the costs of financial distress and bankruptcy. early and late financial agency theory took the seminal works of early financial theory that were developed around the notion of perfect capital markets and introduced imperfections into the analysis. 4. At the core of financial agency theory was the notion that in a world of informational asymmetries and self-seeking behavior. Scharfstein and Stein. 3. Risk management can be used to design management compensation plans that hold management accountable only for the factors under their control. Risk management can be used to lower the firm’s expected tax payments. reasons that have found their way into contemporary financial management textbooks (e. Ways of solving or mitigating these conflicts are the concerns of corporate governance. Risk management can be used to encourage and protect firm specific investments.

Any such tax-coded asymmetry is exacerbated under a progressive tax code. other stakeholders take a different view of the situation. debt financing may reduce the overall after tax cost of capital to the company by creating an interest expense tax shield with the benefits accruing to the shareholders.Total Risk Management Using Risk Management to Lower Taxes Although not associated with informational asymmetries. risk management strategies can be used to arbitrage or negate tax code asymmetries. are reasons for risk management emanating from how the company is financed – itself a governance structure issue – and how the suppliers of capital monitor and control managers. Another common tax code asymmetry is the differential treatment of gains and losses. Reducing Financial Distress and Bankruptcy Costs While fully diversified equity investors may not pay much attention to the unique risks associated with price. In contrast. the average tax paid will be lower if the firm hedges its exposures to these price changes and pays taxes on the average gain over the entire cycle. Consider Toolco. Southeast Asia and Europe are both major markets for Toolco with 34 . To the extent that risk management enables a firm to use more debt (increase its financial leverage) risk management becomes a way of reducing taxes by letting a firm borrow more money and obtain interest expense tax shields. Exchange rate or commodity price gains may be taxable. however. the losses could not be used to offset the gains. If the gains average out over a business or price cycle. These other stakeholders include creditors. especially if the progressivity is steep. More interesting from a corporate governance perspective. currency and interest rate volatility. Interest payments are tax deductible and paid from before tax dollars. taxes qualify as a market imperfection. Consequently. One tax code asymmetry is the differential treatment of interest expense and cash dividends. losses may not be fully or immediately deductible. cash dividend payments are paid from after tax dollars. To the extent that taxes levied on corporate income differ from those on personal income or treat some forms of income differently from others. provide on-going service and technical assistance and supply spare parts. if the firm did not hedge the exposures. customers and suppliers and they could suffer substantial costs should a company find itself in financial difficulty. a machine tool manufacturer that produces and sells highly specialized equipment to customers who rely on the company to honor warranties. however.

This strengthening of the dollar will cause a substantial reduction in Toolco’s profits and cash flows. suppliers and customers. the improvement in Toolco’s financial position may improve the terms on which suppliers sell to Toolco. ultimately. Using Risk Management to encourage and Protect Firm Specific Investments Stakeholders of the firm include its employees. should the dollar remain strong for an extended period. 35 .Total Risk Management German and South Korean manufacturing firms being major customers. So. Toolco’s overall competitive position will weaken relative to its foreign competitors. The explanation offered is a reduction in financial distress costs along with the deductibility of interest expense story. especially if the stakeholders make firm specific investments (Williamson. produce and deliver high quality machine tools as contracted. quotes prices and bills customers in local currency – Euros and South Korean won. The end result for Toolco will be an increase in the market value of its common stock.S. managers. the dollar value of Toolco’s outstanding bids and accounts receivables will plummet. dollar appreciate substantially relative to the euro and won. the firm will enjoy an improved competitive position in its product and labor markets. Contemporary textbook treatments of risk management also develop the story that locking in a certain level of operating cash flows may also permit Toolco to use more debt to finance itself. Toolco prepares bids. a reduction that will affect its ability to provide service and spare parts and. In turn. It can hedge its exchange rate exposures and adopt other exchange rate exposure strategies – such as currency swaps for financing its foreign operations – that reduce the likelihood of Toolco experiencing severe financial problems from unexpected exchange rate movements. an outcome desired by its shareholders. Managing currency risk may also lead to an increased willingness of customers to buy from Toolco because of its ability to withstand financial difficulties. Toolco can use risk management strategies to mitigate the potential financial problems associated with currency risks. Furthermore. These stakeholders find it very difficult to diversify away the risks they are exposed to in their relationships with the firm. to the extent that risk management is able to reduce the risks of financial distress and failure. Should the U. Toolco uses both debt and equity to finance itself. 1985).

And. These costs go beyond the costs of looking elsewhere for employment. These firm-specific skills generate the positive NPV projects. especially for highly skilled technical and managerial employees. these firm specific skills enable the firm to find and undertake positive net present value projects. equal access to the better opportunities …. a more fundamental relationship exists between having employees and other stakeholders make firm specific investments and the need for firm survival. also. status and job security. Expressed in the terminology of financial management. Instead of ascribing the excess returns to monopolistic practices. including the patents that Modigliani and Miller invoke for explaining the existence of economic rents. let firms earn excess returns due to special circumstances such as patents and other factors. Perhaps what MM have in mind is a two-tier market. We would argue that it is the firm specific skills amassed by the firm’s employees that make it possible for the firm to earn more than its cost of capital. as pointed out in most textbook treatments of the subject. firm-specific skills are developed. 36 . employees have a considerable interest in the success of a company because they would incur substantial adjustment costs were the firm to fail. instead. The returns are not entirely pecuniary. This notion of the importance of firm survival and the need to manage total risk so as to support the development of firm specific skills to make positive NPV projects fits nicely into David Durand’s critique of Modigliani and Miller’s irrelevance of capital structure given perfect capital markets. Durand then argues that this “rationale implies that their [MM] perfect market is not perfect enough to accord everyone. hence. let’s ascribe them to firm-specific skills and accumulated knowledge. whether firm or individual investor. But. the firm needs to survive as a going concern. to ensure these unique. firms that can offer security and the prospects of financial success to their employees and managers are likely to garner greater employee loyalty and recruit and retain the “better” workers and managers. So. but come in the form of promotions. And. an outcome that investors cannot duplicate on their own regardless of whether financial markets are perfect.” Durand concludes that investors in security markets can earn only a zero NPV return because the investor does not have access to the monopolistic opportunities available to the firm. with one tier for securities and the other for physical assets. Durand (1989) notes that Modigliani and Miller did not restrict the firm’s investment opportunities to only perfectly competitive zero net present value projects but. the need for managing total risks. These individuals typically make major commitments of time and effort to develop company specific skills and look to the continued growth and success of the company for the returns on these investments. We want to suggest another way of phrasing Durand’s critique.Total Risk Management For example.

These complimentary firm specific investments between suppliers and users support and produce inter-firm efforts that. in a world of self-seeking behavior and informational asymmetries (where managers have more information than owners).Total Risk Management As we mentioned earlier in connection with financial distress costs. However. Therefore. Usually. Think of it this way: The firm can be characterized as a voluntary association to create new wealth with new wealth thought of as positive NPV projects. 37 . So. once the firm’s stakeholders become vested in the company with their firm specific investments. 1998). managers are likely to be interested in their own well being as much as the well-being of the owners of the company. in turn. generate relational rents (Dyer and Singh. the need to manage total risk at the firm level rather than only the systematic risk at the investor level. equipment and production technology to service weak customers who may not be around next year to buy the components. To exacerbate matters. risk management becomes a very important way for owner-managers of closely held firms to protect themselves from commodity price and exchange rate risk. Therefore. the objective of management should be to maximize the price of the company’s common stock. conflicts of interest between managers and owners of publicly held companies are likely to arise. the owners have most of their wealth tied up in the company and cannot obtain the benefits of portfolio diversification that would eliminate the unique financial risks of the company. These actions create costs called agency costs and they reduce the market value of the company. Managers may seek to extract perks from the company and grow the company at the expense of the shareholders by making unprofitable investments so as to keep control of corporate resources. suppliers and customers also have a direct interest in the financial health and survival of the firm. they have an interest in sustaining the firm and their association with the company. The above reasons for risk management arise not so much out of conflicts of interest among stakeholders as out of the benefits associated with the survival of the firm. Using Risk Management to Monitor and Control Managers From a public shareholder’s perspective (a perspective generally assumed by financial theory). Hence. Suppliers are unlikely to make firm specific investments in plant. risk management actions that reduce the likelihood of a firm failing will increase the willingness of suppliers to enter into long-term contracts and make investments in equipment and product development that benefit the buying firm. preserve their jobs and increase their salaries. the owners have their human capital tied up in the company as well. Many small and medium-sized firms are privately owned and owner managed. This new wealth requires firm specific skills and investments such that.

By letting managers eliminate these risks through hedging. suppose the Thai baht substantially depreciates against the dollar. by reducing the consequences of project failure for management.S. the shareholders need not worry about managers rejecting projects that are very profitable based on their systematic risk exposures but unlikely to be undertaken unless managers can hedge the unique risks to protect their jobs and the company in the event of a “bad draw. Risk management enters into this process the following way: Unlike shareholders. Now. managers are exposed to the total risk of the company. not just the systematic risk. Wadco manufactures circuit boards in Thailand and sells them to U. However. companies. managers are likely to make decisions based on the total risk of a venture whereas shareholders would prefer managers to consider only the systematic risk. However.Total Risk Management Students of financial economics and organizational behavior use financial agency theory to analyze and understand these costs and recommend ways to reduce them. Hedging has effectively reduced agency costs and increased the market value of the company even though the project’s systematic risks and expected rate of return are unaffected. Wadco’s Thai division will report very high profits as a result of the Thai devaluation. Risk management strategies are used in conjunction with managerial performance evaluation and compensation systems to separate financial outcomes under management control form those not under their control. Now. Regardless of why the firm fails.” Such hedging costs the public shareholders nothing in terms of expected returns on the hedged project and also doesn’t affect the systematic risk. should the mangers of Wadco be paid a bonus for this performance? What control did they have over the devaluation of the baht? Suppose the baht had appreciated instead of depreciated? Should the managers of Wadco be penalized for this outcome? 38 . the managers are out of a job. reducing the total variance of firm cash flows may be very important for managers who. dollars. a project which would have been discarded without the knowledge of public shareholders is now undertaken. suppose you are a large institutional investor who owns stock in Wadco Enterprises. One important application of agency theory is the design of management evaluation and compensation systems that reduce conflicts of interest between managers and owners by aligning managers’ interests with the shareholders. Consequently.S. recall that we said financial theory predicted that hedging would not improve firm values if all it did was to reduce the variance of the firm’s cash flows because investors could do this on their own through diversification. cannot diversify away the risks associated with certain business ventures. managers cannot diversify away the unique risks associated with the company. Wadco has an executive compensation program with bonuses tied to operating cash flows measured in U. However. unlike investors. Wadco costs are in Thai baht and its revenues in dollars. With costs denominated in Thai baht and revenues in dollars. For example.

especially across divisions. by requiring managers to hedge the exposures. firms would have a capital budget in place along with a plan to finance the expenditures.Total Risk Management A widely held opinion is that Wadco management bonuses should not be affected by unexpected exchange rate movements because managers had no control over these events. shareholders make it more difficult for management to claim that poor performance was caused by events outside of their control. Normally. Bonuses and performance evaluations should be based only on outcomes over which managers have control. stockholders. such as production. exchange rate and interest rate exposures. by having Wadco managers hedge the exchange rate exposures. 39 . This higher quality information makes it easier to decide how to allocate funds within the firm and may increase the “trust” of competing managers in the capital allocation process. By hedging commodity price. like the large institutional investors. Using Risk Management to Improve Decision Making and Capital Budgeting Substantial volatility from quarter-to-quarter and year-to-year in operating cash flows and net income makes it difficult to evaluate the fundamental performance of a company and divisions or other units within the company. product lines and geographic locations. exchange rates and interest rates can be removed through risk management strategies that minimize cash flow and income variability. Risk management can also be used to protect against disruptions in implementing a capital budget by ensuring that substantial shortfalls in internally generated funds do not occur as a result of unexpected price movements. Furthermore. The noise introduced into these measures by volatile commodity prices. firms can better plan both the capital expenditures and the funding arrangements. marketing and sales. can focus management attention on things management can control. So. Removing the noise improves decision making by providing higher quality information on fundamental performance.

Dividends. it is especially important for firms with public shareholders. risk management designed to stabilize dividend payments is really stabilizing the total cash flow stream available for investment and dividend payments. the customers of companies that develop software programs for proprietary use want to be sure the developer will be around to supply second and third generation products and to service the existing systems. For example. an extensive body of literature has shown that dividends do matter – especially if dividends are cut. 40 . this claim is true only for perfect capital markets. but. dividend payments and the financial health of the company to all the firm’s stakeholders. To the extent that dividend policy and investment policies (capital budgeting) are not independent of each other. Consequently. risk management makes it possible to maintain cash dividends and smooth out the dividend cash flow stream. these customers monitor the cash flows. stock prices and dividends of the suppliers to assess the supplier’s financial health and ability to develop new products. of course. by stabilizing cash flows. So. therefore are important for maintaining a company’s competitive position in its product markets as well as for providing shareholders with an adequate return on their investment.Total Risk Management Risk Management and Dividends Do dividends (like capital structure) matter? Miller and Modigliani (1961) said no. This stabilization of dividend payments is needed to communicate information about future investment returns. Since then. Note that while stabilizing the cash flows available for investment and distribution to owners as cash dividends is important for all firms.

The role of the shareholders is to ensure that managers do not waste economic resources within the overriding social responsibility functions of the firm. While regulation should discourage speculative abuses. then. These imperfections arise out of conflicts of interest among stakeholders seeking to advance their own interests in the presence of informational asymmetries and distortions introduced by taxes. transaction costs and legal systems. Implicitly or explicitly. control and compensate managers so as to protect their investments in the company. From a social welfare perspective. This broader perspective on risk management should be the one that informs the regulation of risk management products and markets. In finance. are assumed to be efficiently diversified investors concerned only with the expected return and non-diversifiable risk of their investments. in a perfect world. 41 . risk management makes a major contribution with respect to preserving the firm as a social welfare organism.Total Risk Management Summary and Conclusions Risk management is presented in the finance literature as a cure for market imperfections. Firm survival and continuity is important for societal reasons and risk management assists in this task. the objective of risk management is stated as maximizing the wealth of the existing owners of the firm who. This organization does not exist solely for the benefit for the shareholders but is part of a larger scheme designed to achieve a set of political objectives which vary from one country to the next but generally regard the corporation as serving more than the needs of its owners. Hence. but not supreme. accepting a broad definition of corporate governance focused on how society is organized with economic efficiency objectives being important. it should also recognize the economic efficiency and growth objectives that are enhanced by having risk management products. dominates the market imperfection arguments of financial economists for risk management. the existence of risk management is tied directly to the governance issues of how investors monitor. however.

Total Risk Management 42 .

Total Risk Management 43 .

Total Risk Management 44 .

Total Risk Management 45 .

Total Risk Management 46 .

Total Risk Management 47 .

Total Risk Management 48 .

Total Risk Management 49 .

Total Risk Management 50 .

Total Risk Management 51 .

Total Risk Management 52 .

Total Risk Management 53 .

Sign up to vote on this title
UsefulNot useful